Webhook in Gitlab App to receive user's repository events? - node.js

I need something similar to Github Webhooks in Gitlab.
https://docs.github.com/en/webhooks-and-events
I have read gitlab documentation but there user needs to add webhook himself on individual repository.
I have created a Gitlab App for authenticating gitlab users, after authenticating I am getting access_token and refresh_token and with this I am able to get user's private repositories, now what I want is that whenever user pushes new code in any of his repo, I want to be notified with the event and payload in my nodejs application.
Below is the settings of my Gitlab App.

Related

How to give other users access to the repository via Github API?

I've got an software where single user can have many projects and can invite many members to single project. And right now I need to create an integration with Github API and connect single project to single repository in Github.
So, I'm starting with authorization to Github via Oauth. First step was adding in React app a single button with redirecting to this URL:
`https://github.com/login/oauth/authorize?client_id=${process.env.REACT_APP_GH_CLIENT_ID}&return_to=/login/oauth/authorize?client_id=${process.env.REACT_APP_GH_CLIENT_ID}&redirect_uri=${githubRedirectUrl}&scope=repo`
and handle callback from this authorization. After redirecting to set earlier callback url I gets an code and send him to server side, where later I make request to this endpoint
https://github.com/login/oauth/access_token
which return me access_token. This access token I save in database and use in every request to Github API via account which is connected.
And now is time, to integrate project with repository of the autorizated earlier account.
I create a simple list of all account repositories, and after click on one record I update project object with values like name, url etc.,
And right now is the most important question, how to enable other application users to perform operations on a connected repository? Should I save in project also access_token of the owner (which connect repo to app) and use this token in all requests to Github API?
/////////////////////////

firebase push notification on specific user by web app in node.js

I am trying to follow host by user, so I want to get notification for particular user not for other user. backend node.js I am getting device token and saving it in local database I am getting the notification but only for one user. how I can manage for other users.. please help me.

GitHub Graph QL Authentication via a Github App

I am just wondering, did anyone manage to authenticate into the Github GraphQL API with using a Github App and how?
The purpose of this is to write a script that pulls information from Github with the GraphQL API, but uses an app for authentication - so it is not user dependant and if a user leaves the organisation it doesn't take the functionality of the script with him.
The aim is to have a script that pulls all the Dependabot alerts from all the repos and pushes them to a Google spreadsheet.
I think I read somewhere Github does not recommend using a user service account.
Thanks
I followed this guide to "Authenticate as an installation", which generates a token.
Then I set a http header to: "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN"

How is a slack webhook safe?

I'm setting up slack alerts on a project I'm working on.
To use slack's Incoming web hook, all you have to do is do a POST request to a slack url. I don't see any security on it. How is this secure? Wouldn't someone be able to post messages if he gets hold of this url, given that the url is public even in https connections ?
The docs you linked say:
Keep it secret, keep it safe. Your webhook URL contains a secret. Don't share it online, including via public version control repositories. Slack actively searches out and revokes leaked secrets.
That is, you should keep the webhook URL as secret as any secret (database passwords, ...) in your app.

How to display that a user is connected to GitHub

I am developing a website like Heroku. I confused what should I do with the Github OAuth part? when you wanna register in Heroku and login you can not use OAuth ways (login/register using Github).
but after login you can create App. now one of your options to upload your codes in the Heroku is to connect your Heroku account to your Github account.
My problem
When the user is logged in how could I redirect the user to another page and after authentication (Github OAuth) how could I detect that this user previously logged in and the user does not need re-login?
Exactly what the Heroku did.
I can not understand how can I send another data to the Github OAuth login page and retrieve it back in callback url to detect which user is logged in now and save his/her access_token & refresh_token in database.
Not that I use expressjs express-session sequelize and ejs.
GitHub, like all OAuth based APIs, requires that each request to the API made on behalf of a user is authenticated with an access_token. If you don't pass an access_token alongside your request, the request will fail with a 401 Unauthorized status code.
There's no way to ask GitHub if a random user has accepted your app. It's not something implemented in the OAuth framework - as it could lead to a security flaw. So it's your responsibility as the application's owner to record which user has authorized your app.
With this in mind, let's try to sum up the differents steps that Heroku had to achieve to display this "Connected" status under the GitHub logo.
When you've signed-up on Heroku, the status of the GitHub integration was "not_connected". If you visit the settings page, you would see a "Connect to GitHub" button.
At some point, in the Heroku dashboard, you have clicked on the "Connect to GitHub" button and have authorized Heroku's app for GitHub. This is where you've been redirected to the callback_url
At this particular time, while you were on the callback_url page, Heroku has recorded in its database the new status of the GitHub integration for your account. It was set to "connected". Heroku has probably saved alongside the access_token and refresh_token.
Every time that you visit the settings page of your app, Heroku can render that you are connected because it has the status in its database.
(optional) When Heroku performs requests to the GitHub API using your access_token it can confirm that the connection is still live. If ever the request failed with a 401 Unauthorized, Heroku can update its database and reset your GitHub integration status to "not_connected".
This work like this for the GitHub API, as well as with any other OAuth based APIs. If you plan to integrate with several APIs, I highly recommend you to use an API Integrations Manager, such as Pizzly. It will help you focus on the business logic ("is my user connected or not?") and totally handle the OAuth process for you.

Resources